README.md

Kaspersky Threat Intelligence Portal

Overview

Kaspersky Threat Intelligence Portal provides reliable, immediate intelligence about cyber-threats, legitimate objects, their interconnections and indicators, enriched with actionable context to inform your business or clients about the associated risks and implications. Now you can mitigate and respond to threats more effectively, defending your system against attacks even before they are launched.

Kaspersky Threat Intelligence Portal delivers all the knowledge acquired by Kaspersky Lab about cyber-threats and their relationships, brought together into a single, powerful web service. The goal is to provide your security teams with as much data as possible in order to prevent cyber-attacks that can impact your organization. The platform retrieves the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, statistical / behavioral data, WHOIS / DNS data, and so on. The result is global visibility of new and emerging threats, helping you secure your organization and boosting incident response.

Threat intelligence is aggregated from fused, heterogeneous, and highly reliable sources. Then, in real time, all the aggregated data is carefully inspected and refined using multiple preprocessing techniques, such as statistical criteria, Kaspersky Lab expert systems, validation by analysts, and white-listing verification.

How it works

Indicators of compromise can be looked up through a web-based interface or the Kaspersky Threat Intelligence Portal API. Kaspersky Threat Intelligence Portal enables you to request threat intelligence about the following objects:

MD5 hashes

IP addresses

Domains

URLs

Kaspersky Threat Intelligence Portal displays whether an object is in Good, Bad, or Not categorized zones, while providing a rich set of contextual data to answer the who, what, where, and when questions that help you respond to or investigate threats more effectively.

Key features

The following are the key features of Kaspersky Threat Intelligence Portal:

Data feeds
Security Threat Intelligence Services from Kaspersky Lab gives you access to the intelligence you need to mitigate cyber threats, provided by our world-class team of researchers and analysts.

Trusted threat intelligence
The key benefit of threat intelligence is the reliability of data enriched with actionable context.

Comprehensive and real-time coverage
Threat intelligence is automatically generated in real time, based on findings across the globe, providing high coverage and accuracy.

Rich data
Threat intelligence delivered by Kaspersky Threat Intelligence Portal includes a vast amount of different data types such as hashes, URLs, IP addresses, WHOIS, GeoIP, pDNS, file attributes, statistical and behavioral data, download chains, time stamps, and much more. Empowered with this data, you have access to a diverse landscape of security threats.

Continuous review by security experts
Hundreds of experts, including security analysts from across the globe, world-famous security experts from Global Research & Analysis Team (GReAT), and leading-edge R&D teams, contribute to generating valuable and real-life threat intelligence.

Easy-to-use API
Use the service in manual mode through a web portal or get access by means of a simple Kaspersky Threat Intelligence Portal API.

SaaS solution
With software as a service (SaaS), there is no need to integrate additional systems or services into your company’s infrastructure. Start using the service immediately.

| Fields | Description |
|---|---|
| | IP address obtained from DomainDnsResoutions which belong to Green Zone |
| $KLGreyIPResoutions | IP address obtained from DomainDnsResoutions which belong to Grey Zone |
| $KLYellowIPResoutions | IP address obtained from DomainDnsResoutions which belong to Yellow Zone |
| $KLCreated | Date when the domain for the requested URL was registered |
| $KLDomainName | Name of the domain of the requested URL |
| $KLDomainStatus | Statuses of the domain |
| $KLExpires | Expiration date of the prepaid domain registration term. |
| $KLNameServers | Name servers of the domain for the requested URL |
| $KLRegistrationOrganization | Name of the registration organization |
| $KLUpdated | Date when registration information about the domain for the requested URL was last updated |
| $KLRegistrarEmail | Email of the registrar of the domain |
| $KLRegistrarIanaId | IANA ID of the registrar of the domain |
| $KLRegistrarInfo | Name of the registrar of the domain |

The UrlDomainWhoIs information of the queried URL contains contact information, which varies depending on the contact type present in the data.
For instance, for the Technical contact type, the available fields are:

| Fields | Description |
|---|---|
| $KLTechnicalAddress | Address of Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalCity | City of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalCountryCode | Country Code of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalEmail | Email of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalFax | Fax of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalName | Name of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalOrganization | Organization of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalPhone | Phone details of the Technical contact present in the UrlDomainWhoIs data |
| $KLTechnicalPostalCode | Postal Code of the Technical contact present in the UrlDomainWhoIs data |
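The per-contact-type naming shown in the Technical fields above can be sketched as follows. This is an added example, not code from this integration: the input record shape (`Contacts`, `ContactType`), the helper names, and the resulting names for contact types other than Technical are assumptions. Because WHOIS contact values are supplied by the registrant, the sketch also strips control characters before the values reach tickets or logs.

```python
import re

# Field suffixes taken from the Technical contact table above.
CONTACT_FIELDS = ("Address", "City", "CountryCode", "Email", "Fax",
                  "Name", "Organization", "Phone", "PostalCode")

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def clean(value, limit=256):
    """Replace control characters with spaces and cap the length."""
    return _CONTROL.sub(" ", str(value)).strip()[:limit]


def flatten_contacts(whois):
    """Map each contact to $KL<ContactType><Field> variables.

    The input shape {"Contacts": [{"ContactType": ..., <Field>: ...}]} is an
    assumption made for this example, not a documented response format.
    """
    out = {}
    for contact in whois.get("Contacts", []):
        ctype = str(contact.get("ContactType", "")).strip()
        # The contact type becomes part of a variable name: letters only.
        if not re.fullmatch(r"[A-Za-z]+", ctype):
            continue
        ctype = ctype[0].upper() + ctype[1:]
        for field in CONTACT_FIELDS:
            value = contact.get(field)
            if value in (None, ""):
                continue  # an absent or empty field yields no variable
            out[f"$KL{ctype}{field}"] = clean(value)
    return out


# Constructed sample record (not real WHOIS data).
SAMPLE = {"Contacts": [
    {"ContactType": "Technical", "Name": "Example Admin",
     "Email": "tech@example.test", "Fax": "",
     "City": "Springfield\r\nX-Injected: 1"},
    {"ContactType": "registrant", "Organization": "Example Org",
     "CountryCode": "US"},
    {"ContactType": "Tech$nical", "Name": "ignored"},
]}

if __name__ == "__main__":
    for name, value in flatten_contacts(SAMPLE).items():
        print(name, "=", value)
```
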

The DomainWhoIsInfo information of the queried domain contains contact information, which varies depending on the contact present in the data.
For instance, for the Registrant contact, the available fields are: